docker firewall demo - michaelmworthington/codesamples GitHub Wiki

Introduction

This page walks through the steps to set up NXRM to test Docker Firewall, using https://registry-1.docker.io as the remote registry.

See the official docs at https://help.sonatype.com/repomanager3/formats/docker-registry

Prerequisites

  • IQ Server installed and running
  • NXRM 3 installed, running, and configured with the IQ Server
  • Docker for Mac installed and running

Step 1. Create a new Proxy Repository in NXRM

Use https://registry-1.docker.io as the Remote URL. Accept default values for the remainder of the settings.

Step 2. Enable Firewall for the New Proxy Repo

Step 5. Use Docker for Mac to pull an image

docker pull host.docker.internal:19443/ubuntu

Observe the inbound requests to NXRM in the request.log file:

172.18.0.1 - - [10/Nov/2020:16:38:52 -0500] "GET /nexus/repository/docker-group/v2/ HTTP/1.1" 401 - 113 12 "docker/19.03.13 go/go1.13.15 git-commit/4484c46d9d kernel/5.4.39-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.13 \(darwin\))" [qtp15707558-344] host=host.docker.internal:19443 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:38:54 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/manifests/latest HTTP/1.1" 200 - 1201 2262 "docker/19.03.13 go/go1.13.15 git-commit/4484c46d9d kernel/5.4.39-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.13 \(darwin\))" [qtp15707558-344] host=host.docker.internal:19443 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:38:56 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/manifests/sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956 HTTP/1.1" 200 - 943 1886 "docker/19.03.13 go/go1.13.15 git-commit/4484c46d9d kernel/5.4.39-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.13 \(darwin\))" [qtp15707558-382] host=host.docker.internal:19443 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:39:00 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/blobs/sha256:a254829d9e55168306fd80a49e02eb015551facee9c444d9dce3b26d19238b82 HTTP/1.1" 200 - 162 3276 "docker/19.03.13 go/go1.13.15 git-commit/4484c46d9d kernel/5.4.39-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.13 \(darwin\))" [qtp15707558-383] host=host.docker.internal:19443 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:39:00 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/blobs/sha256:d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1 HTTP/1.1" 200 - 3352 3321 "docker/19.03.13 go/go1.13.15 git-commit/4484c46d9d kernel/5.4.39-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.13 \(darwin\))" [qtp15707558-357] host=host.docker.internal:19443 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:39:00 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/blobs/sha256:ba13d3bc422b493440f97a8f148d245e1999cb616cb05876edc3ef29e79852f2 HTTP/1.1" 200 - 847 3792 "docker/19.03.13 go/go1.13.15 git-commit/4484c46d9d kernel/5.4.39-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.13 \(darwin\))" [qtp15707558-389] host=host.docker.internal:19443 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:39:03 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/blobs/sha256:6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf HTTP/1.1" 200 - 28558714 6588 "docker/19.03.13 go/go1.13.15 git-commit/4484c46d9d kernel/5.4.39-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.13 \(darwin\))" [qtp15707558-372] host=host.docker.internal:19443 forwarded-proto=- forwarded-host=- forwarded-port=- forwarded-server=- "new-forwarded=-" "RUT=-" "foo=-"
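
To audit what the pull in Step 5 requested through the proxy, the request.log lines above can be parsed into tags, manifest digests and blobs per user. This is an added example, not part of the original wiki page or of Sonatype's tooling; the field layout is inferred from the sample lines, and `parse`, `summarize` and `SAMPLE` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: four of the request.log lines above, cut after the User-Agent.
SAMPLE = """\
172.18.0.1 - - [10/Nov/2020:16:38:52 -0500] "GET /nexus/repository/docker-group/v2/ HTTP/1.1" 401 - 113 12 "docker/19.03.13"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:38:54 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/manifests/latest HTTP/1.1" 200 - 1201 2262 "docker/19.03.13"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:38:56 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/manifests/sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956 HTTP/1.1" 200 - 943 1886 "docker/19.03.13"
172.18.0.1 - michaelmworthingon-docker [10/Nov/2020:16:39:00 -0500] "GET /nexus/repository/docker-group/v2/ubuntu/blobs/sha256:a254829d9e55168306fd80a49e02eb015551facee9c444d9dce3b26d19238b82 HTTP/1.1" 200 - 162 3276 "docker/19.03.13"
"""

# Assumed layout: client, ident, user, [timestamp], "METHOD path protocol", status
LINE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Registry v2 paths behind an NXRM repository: /v2/ alone, or /v2/<image>/<manifests|blobs>/<ref>
V2 = re.compile(r'/repository/(?P<repo>[^/]+)/v2/(?:(?P<image>.+)/(?P<kind>manifests|blobs)/(?P<ref>[^/]+))?$')

def parse(line):
    """Return a dict for a registry v2 request, or None for any other line."""
    m = LINE.match(line)
    v = V2.search(m["path"]) if m else None
    if not v:
        return None
    return {"user": m["user"], "status": int(m["status"]), "repo": v["repo"],
            "image": v["image"], "kind": v["kind"] or "ping", "ref": v["ref"]}

def summarize(text):
    """Group requests by (user, repo, image); count unauthenticated /v2/ challenges separately."""
    pulls = defaultdict(lambda: {"tags": set(), "manifest_digests": set(), "blobs": set(), "failed": []})
    challenges = 0
    for rec in filter(None, map(parse, text.splitlines())):
        if rec["kind"] == "ping":
            challenges += rec["status"] == 401   # anonymous probe answered with an auth challenge
            continue
        entry = pulls[(rec["user"], rec["repo"], rec["image"])]
        if rec["status"] != 200:
            entry["failed"].append((rec["status"], rec["kind"], rec["ref"]))
        elif rec["kind"] == "blobs":
            entry["blobs"].add(rec["ref"])
        elif rec["ref"].startswith("sha256:"):
            entry["manifest_digests"].add(rec["ref"])
        else:
            entry["tags"].add(rec["ref"])
    return challenges, dict(pulls)

if __name__ == "__main__":
    n, pulls = summarize(SAMPLE)
    print("auth challenges:", n)
    for key, entry in pulls.items():
        print(key, entry)
```

Requests that did not return 200 are collected under `failed` with their status code, so refused or missing manifests and blobs stand out from the normal pull sequence.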

Step 6. Browse the Proxy Repo

Step 7. Go to the Firewall Report

Repo List

IQ Server Report

Step 8. Test Quarantine

Not Supported

Step 9. Notes

The NXRM Tree View shows the Quarantined component:

Not Supported

You can view the component information panel (CIP) right in NXRM

Not Supported